Spy Agency Mined Vast Data Trove

WASHINGTON, Dec. 23 - The National Security Agency has traced and analyzed
large volumes of telephone and Internet communications flowing into and out of
the United States as part of the eavesdropping program that President Bush
approved after the Sept. 11, 2001, attacks to hunt for evidence of terrorist
activity, according to current and former government officials.

The volume of information harvested from telecommunication data and voice
networks, without court-approved warrants, is much larger than the White House
has acknowledged, the officials said. It was collected by tapping directly
into some of the American telecommunication system's main arteries, they said.

As part of the program approved by President Bush for domestic surveillance
without warrants, the N.S.A. has gained the cooperation of American
telecommunications companies to obtain backdoor access to streams of domestic
and international communications, the officials said.

The government's collection and analysis of phone and Internet traffic have
raised questions among some law enforcement and judicial officials familiar
with the program. One issue of concern to the Foreign Intelligence
Surveillance Court, which has reviewed some separate warrant applications
growing out of the N.S.A.'s surveillance program, is whether the court has
legal authority over calls outside the United States that happen to pass
through American-based telephonic "switches," according to officials familiar
with the matter.

"There was a lot of discussion about the switches" in conversations with the
court, a Justice Department official said, referring to the gateways through
which much of the communications traffic flows. "You're talking about access
to such a vast amount of communications, and the question was, How do you
minimize something that's on a switch that's carrying such large volumes of
traffic? The court was very, very concerned about that."

Since the disclosure last week of the N.S.A.'s domestic surveillance program,
President Bush and his senior aides have stressed that his executive order
allowing eavesdropping without warrants was limited to the monitoring of
international phone and e-mail communications involving people with known
links to Al Qaeda.

What has not been publicly acknowledged is that N.S.A. technicians, besides
actually eavesdropping on specific conversations, have combed through large
volumes of phone and Internet traffic in search of patterns that might point
to terrorism suspects. Some officials describe the program as a large data-
mining operation.

The current and former government officials who discussed the program were
granted anonymity because it remains classified.

Bush administration officials declined to comment on Friday on the technical
aspects of the operation and the N.S.A.'s use of broad searches to look for
clues on terrorists. Because the program is highly classified, many details of
how the N.S.A. is conducting it remain unknown, and members of Congress who
have pressed for a full Congressional inquiry say they are eager to learn more
about the program's operational details, as well as its legality.

Officials in the government and the telecommunications industry who have
knowledge of parts of the program say the N.S.A. has sought to analyze
communications patterns to glean clues from details like who is calling whom,
how long a phone call lasts and what time of day it is made, and the origins
and destinations of phone calls and e-mail messages. Calls to and from
Afghanistan, for instance, are known to have been of particular interest to
the N.S.A. since the Sept. 11 attacks, the officials said.

This so-called "pattern analysis" on calls within the United States would, in
many circumstances, require a court warrant if the government wanted to trace
who calls whom.

The use of similar data-mining operations by the Bush administration in other
contexts has raised strong objections, most notably in connection with the
Total Information Awareness system, developed by the Pentagon for tracking
terror suspects, and the Department of Homeland Security's Capps program for
screening airline passengers. Both programs were ultimately scrapped after
public outcries over possible threats to privacy and civil liberties.

But the Bush administration regards the N.S.A.'s ability to trace and analyze
large volumes of data as critical to its expanded mission to detect terrorist
plots before they can be carried out, officials familiar with the program say.
Administration officials maintain that the system set up by Congress in 1978
under the Foreign Intelligence Surveillance Act does not give them the speed
and flexibility to respond fully to terrorist threats at home.

A former technology manager at a major telecommunications company said that
since the Sept. 11 attacks, the leading companies in the industry have been
storing information on calling patterns and giving it to the federal
government to aid in tracking possible terrorists.

"All that data is mined with the cooperation of the government and shared with
them, and since 9/11, there's been much more active involvement in that area,"
said the former manager, a telecommunications expert who did not want his name
or that of his former company used because of concern about revealing trade
secrets.

Such information often proves just as valuable to the government as
eavesdropping on the calls themselves, the former manager said.

"If they get content, that's useful to them too, but the real plum is going to
be the transaction data and the traffic analysis," he said. "Massive amounts
of traffic analysis information - who is calling whom, who is in Osama Bin
Laden's circle of family and friends - is used to identify lines of
communication that are then given closer scrutiny."

Several officials said that after President Bush's order authorizing the
N.S.A. program, senior government officials arranged with officials of some of
the nation's largest telecommunications companies to gain access to switches
that act as gateways at the borders between the United States' communications
networks and international networks. The identities of the corporations
involved could not be determined.

The switches are some of the main arteries for moving voice and some Internet
traffic into and out of the United States, and, with the globalization of the
telecommunications industry in recent years, many international-to-
international calls are also routed through such American switches.

One outside expert on communications privacy who previously worked at the
N.S.A. said that to exploit its technological capabilities, the American
government had in the last few years been quietly encouraging the
telecommunications industry to increase the amount of international traffic
that is routed through American-based switches.

The growth of that transit traffic had become a major issue for the
intelligence community, officials say, because it had not been fully addressed
by 1970's-era laws and regulations governing the N.S.A. Now that foreign calls
were being routed through switches on American soil, some judges and law
enforcement officials regarded eavesdropping on those calls as a possible
violation of those decades-old restrictions, including the Foreign
Intelligence Surveillance Act, which requires court-approved warrants for
domestic surveillance.

Historically, the American intelligence community has had close relationships
with many communications and computer firms and related technical industries.
But the N.S.A.'s backdoor access to major telecommunications switches on
American soil with the cooperation of major corporations represents a
significant expansion of the agency's operational capability, according to
current and former government officials.

Phil Karn, a computer engineer and technology expert at a major West Coast
telecommunications company, said access to such switches would be significant.
"If the government is gaining access to the switches like this, what you're
really talking about is the capability of an enormous vacuum operation to
sweep up data," he said.